Thanks Jakub. so sshd will check nsswitch.conf before refering to /etc/passwd file. . Does sssd/NSS has a way to fetch user names from sources like RADIUS/TACACS server? We wanted to enable RADIUS/TACACS Authentication using PAM and enabling PAM in sshd. Regards, Ivan On Wed, Jan 3, 2018 at 2:34 PM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote: > On Wed, 2018-01-03 at 13:50 +0530, Sudarshan Soma wrote: > > HI, I do see some refernce on it: but seems not closed > > https://marc.info/?l=secure-shell&m=115513863409952&w=2 > > > > http://bugzilla.mindrot.org/show_bug.cgi?id=1215 > > > > > > Is this patch available in latest versions, 7.6? > > No. It never was. > > The SSSD is using NSS (Name Service Switch) [1] way of getting > credentials. It allows to get them from many sources. > > [1] https://en.wikipedia.org/wiki/Name_Service_Switch > > Regards, > Jakub > > > On Wed, Jan 3, 2018 at 1:48 PM, Sudarshan Soma <sudarshan12s@xxxxxxxx > > m> > > wrote: > > > > > Hi I am trying to write pam_radius module which talks to RADIUS > > > server for > > > aaa. > > > > > > I see sshd checks /etc/passwd for user list. Since RADIUS server > > > has user > > > list, can sshd ignore this check for RADIUS/TACACS+ authentication, > > > Please > > > suggest if there are any flags to control it. > > > > > > I am using the following versions. > > > OpenSSH_6.6p1, OpenSSL 1.0.2n 7 Dec 2017 > > > > > > I see sssd (NAS) being used for such use cases, how does sshd > > > ignore > > > /etc/passwd in those cases. > > > Please suggest > > > > > > Regards, > > > Ivan. > > > > > > > _______________________________________________ > > openssh-unix-dev mailing list > > openssh-unix-dev@xxxxxxxxxxx > > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > -- > Jakub Jelen > Software Engineer > Security Technologies > Red Hat, Inc. > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
